Homeland Security Alert about QuickTime on Windows: What You Need to Know

Important issues to consider

The QuickTime vulnerability on Windows highlights a few important issues regarding cyber security and older software.

Are security updates available?

Uninstalling QuickTime isn’t merely a temporary measure that will protect you until a new security update gets released. Although Apple continues to provide support and updates for QuickTime on Mac OS X, they’re no longer coming out with security updates for QuickTime on Windows. The program for Windows is essentially abandoned; there’s no reason to keep it on your computer.

Whatever software you run on your computer, make sure it’s still supported. Without software updates, which often include patches for security vulnerabilities, you’re stuck running older versions of a program. Older software is usually riddled with security holes, leaving you vulnerable to all kinds of attacks. With malicious code, hackers can shut down your system, wipe out your hard drive, and steal or tamper with data.

How much time does it take you to respond to security alerts?

Whenever you hear about a new vulnerability, you must respond as soon as possible. Hackers operate quickly to exploit known weaknesses in a software program. Along with attending to news of known vulnerabilities, you should also stay alert to any decisions companies make to discontinue software support. Even if the company doesn’t make an official announcement, check when they last updated a program and confirm its status. Apple, for instance, didn’t issue this latest warning; a federal agency did. You can’t always wait for a software company to inform you about a problem.

To stay on top of cyber security alerts, it’s best to rely on dedicated IT support. IT professionals will review the software you’ve installed on your devices and ensure that it’s protected and up-to-date. People who use Windows may not even realize they still have QuickTime installed on their device. Furthermore, a program may work safely and effectively on one kind of device or system, but not on another. It’s important to make these distinctions when deciding how to react to a cyber security threat.

Within hours of receiving this alert, we were able to send a command to uninstall QuickTime AND block it from ever running again on over 4,000 Windows computers that are currently under our White Mountain Managed IT service agreements. So even if a user manages to unintentionally reinstall QuickTime, our system will prevent it from running and will send an alert to let us know.

Are you taking a layered approach to cyber security?

These recent QuickTime vulnerabilities involve malicious code that can execute once people visit a certain website or open an infected file. Although hackers can sometimes attack a system without the need for user interaction, in many cases they rely on people to perform a specific action in order to launch a malware attack. Remain cautious about files and links sent via email, and take care when you’re browsing the Internet to avoid unfamiliar sites. Other defenses include an ongoing security awareness training program, updated anti-malware programs, firewalls, and Internet browsers that can detect and warn you about potentially corrupted sites. Your cyber security defenses should involve layers of protection, combining state-of-the-art software and safe computing habits.

Want to see if your IT provider has really protected you from this threat? Try this simple test: check to see […]

The 4 Most Pressing IT Issues You Have to Be Aware Of

Know Who to Contact for Support

As a leader within your organization, you need to lead by example. You should be aware of who to contact within your company for any IT-related issues, and this contact information should be shared with other employees within your organization. By cooperating with IT, your business can improve operations so that you don’t encounter a roadblock when it comes time to upgrade to more recent technology, or perform maintenance on critical hardware and software.

Working with Vendors

Dealing with vendors is part of doing business with technology. Your organization likely has several different vendors for your various hardware and software solutions. Knowing how to communicate with them is key to getting the most from your products. In other words, you should at least be privy to information concerning your organization’s relationship with its vendors.

Basic Security Best Practices

This is a part of business that all of your employees should be familiar with. Data security is one of the most crucial parts of running a business, and your team needs to understand this if you want to ensure maximum security. Examples of basic security best practices include the following: Employees should use long, complex passwords. Employees should use two-factor authentication. Employees should be able to identify potential online scams.

Managing Laptops and Mobile Devices

If your employees bring their own devices (BYOD) to the workplace for use on your company network, you have a responsibility to ensure that they’re following proper protocol. Do you have a BYOD policy? If not, you should consider setting one up. You need to have some sort of oversight with regard to what data is being used and accessed on what devices. The idea is to restrict the flow of data through permissions so that you can know how it’s being used, and to limit its exposure to threats.

This might seem like a lot to take in, but you don’t have anything to worry about. Most of these issues can be resolved simply by having an IT technician on-hand to consult in times of need. If you don’t have an in-house IT department, this might seem like an impossible task. Thankfully, White Mountain IT Services makes it easy for your business to keep your technology functioning properly and running without incident, all thanks to outsourced managed IT services. White Mountain IT Services can handle the everyday management and maintenance of your IT systems, and act as a consultant, helping you make educated decisions about the future of your technology systems. For more information, give us a call at (603) 889-0800.

10 Common Security Mistakes That Can Sink Your Network

Clicking on Risky Websites – The web is pretty big, so when an employee has been searching for something and finally manages to find a link, they might not always think about the source. As a result, your network and files could be subject to any number of threats. Be sure to emphasize to your employees that there is such a thing as “too good to be true,” especially on the Internet.

Weak or Personal Passwords – As much as your employees might love their dogs, cars, or a particular date in time, a password is no place to express that love. Also, if they actually use “password” as their password, they are just begging for trouble. Encourage them to use private, randomized strings of numbers and letters as insistently and consistently as possible.

Lax Habits in Mobile Security – You may have the latest versions of spyware and virus blockers on your company desktops, but do your employees have the same on their tablets, phones, and other portable electronics? Without the same security, once they are connected to your network, these devices leave your network wide open for breaches. Be sure your employees aren’t leaving points of access to your network without safeguards by establishing mobile device policies and a BYOD (Bring Your Own Device) policy.

Using Insecure Connections to Access Sensitive Data – Are your employees reviewing company files on their lunch break by using the local fast food franchise’s free Wi-Fi? If they are, it is recommended that you put a stop to it, as public Wi-Fi hotspots are prone to have malware lurking about.

Lost or Stolen Unencrypted Tech – So an employee is riding the bus to work, and leaves their company phone behind when they disembark. Without encryption software, that phone is potentially an encyclopedia of company data and information for sale to competitors, as well as a free pass into company files and email. Enforcing encryption policies helps to mitigate this risk.

Shadow IT – An employee decides that they prefer a different program to perform their job-related task and downloads a copy of that program onto their company desktop without the knowledge of the IT department. Besides the question of compatibility with your systems, it spreads your company data into yet another system, but this time you don’t have control over it. Plus, there is always the risk that the download will come with a bonus – vulnerabilities that could allow malware to hitch a free ride into the network. Be vigilant regarding the use of unapproved, personally downloaded applications.

Phishing Calls/Personalized Phishing Emails – One of your HR employees checks their email and finds what looks to be a job application directed specifically to them, using their name, title, and other personal identifiers. They click on the included link, not realizing that the email was actually from a hacker who did a bit of research on Facebook and LinkedIn, and download a mess of viruses. Impress upon your employees the importance of private social media accounts and the careful consideration of any linked content from unknown senders. Similarly, make sure your employees can recognize and appropriately handle phishing telephone calls for both live callers and robocalls, and understand the importance of not sharing company information compulsively.

Personal Email Use – The news […]

Is the Reform of ECPA Enough to Prevent the Government From Reading Your Emails?

The law in question is the Electronic Communications Privacy Act (ECPA), which was originally passed in 1986. What makes this situation rather precarious is that this 30-year-old law is used to justify accessing emails today. To fully grasp how odd this is, consider how much email usage has changed during this time period, much less the technological landscape in general.

The wording of this law makes it so that any stored electronic communication (like email) that’s more than 180 days old is considered “abandoned,” and therefore is subject to law enforcement agencies accessing it without a warrant.

This presents a major problem for modern computer users that communicate primarily through electronic communication and store everything (going way further back than 180 days) in an Internet-connected database, like the cloud. Obviously, this describes pretty much everybody and the majority of organizations today.

Recently, legislative action has been taken to try and close this loophole. CompTIA reports:

On April 13th, the House Judiciary Committee unanimously passed an amended version of the Email Privacy Act (H.R. 699)… The Email Privacy Act would put an end to this outdated 180 day rule and require a warrant for law enforcement to access the content of all stored communications. While the current iteration of the bill is not perfect, we were happy to see that it does not contain a carve out to the warrant requirement for civil agencies, nor does it alter ECPA’s emergency exception procedures.

The goal behind closing this loophole is to protect citizens from government overreach, as well as the service providers who store digital information for the population. As society grows hugely dependent on digital information, it’s more important than ever to update the laws that govern data usage in order to protect privacy rights.

Is all of this news to you or did you already know about the ECPA loophole? Is data privacy something that concerns you, or do you not much care if the government reads your emails? Share your thoughts with us in the comments.

Getting Started With Cloud Computing: What You Need to Know

Types of Cloud Solutions

Implementing the cloud into your current business model is easier said than done. In order to get the best return on investment for your cloud technology, you need to take your various options into account. We’ve outlined some basic information about the various types of cloud computing your business should know about.

Public cloud: The public cloud is a solution that’s designed to maximize efficiency for the user. The management and maintenance of the public cloud is handled by the provider. This is great for businesses that want a hands-off cloud experience at the expense of control over data.

Private cloud: The private cloud is often hosted either in-house or by an outsourced IT provider. As such, it requires proper management and maintenance to ensure functionality. The private cloud is preferred by companies that want to maximize data security and want the most control over their data.

Hybrid cloud: The hybrid cloud is a solid middle ground for users who don’t want to exchange data security for operational efficiency.

What to Consider

In order to make the most educated decision you can, we recommend taking the following variables into account when choosing your cloud solution.

Data security: Businesses that want to maximize data security will appreciate the private cloud. The private cloud allows for additional security measures, like secondary hardware-based security solutions, that can maximize the security of your data.

Access control: If you don’t want that much control over your data, the public cloud is a good choice. However, users who want to maximize access control and role-based user access will want to invest in a private or hybrid cloud.

Management responsibility: Just like other computing hardware and software, a cloud solution requires a certain expertise that should be administered by a qualified IT technician. If you don’t want this responsibility, the public cloud is for you, though it should be mentioned that a hybrid cloud allows your business to take advantage of the many benefits of both private and public clouds.

White Mountain IT Services can help your business integrate and adjust to a new cloud computing solution. We can assist and consult your team through each and every step of the cloud adoption process. To learn more, give us a call at (603) 889-0800.